Debian Project

Debian testing security team - Advisory

DTSA-29-1

Date Reported:
June 15th, 2006
Affected Package:
Blender
Vulnerability:
heap-based buffer overflow
Problem-Scope:
remote
Debian-specific:
No
CVE:
CVE-2005-4470

More information:
A heap-based buffer overflow vulnerability was discovered by Damian Put in
Blender BlenLoader 2.0 through 2.40pre. It allows remote attackers to cause a
denial of service (application crash) and possibly execute arbitrary code via a
.blend file with a negative bhead.len value, which causes less memory to be
allocated than expected, possibly due to an integer overflow.
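
The allocation hazard described above, as an added example that is not Blender's code: a simplified, hypothetical block header (the bhead_t type, its fields code and len, the bound BHEAD_MAX_LEN and the helper names are assumptions for this example) whose signed length is validated before any size arithmetic or allocation, shown alongside the unchecked size computation that a negative length defeats.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified block header for this example; it is NOT Blender's
 * real BHead layout. The length is stored as a signed 32-bit value in the file,
 * so a crafted .blend file can make it negative. */
typedef struct {
    char    code[4];   /* block type tag */
    int32_t len;       /* declared payload length, as read from the file */
} bhead_t;

/* Constructed upper bound on a single block; a real loader would choose a
 * value suited to its format. */
enum { BHEAD_MAX_LEN = 16 * 1024 * 1024 };

/* Size arithmetic in the style the advisory describes: the signed length is
 * added to the header size in int. A negative len yields a total smaller than
 * the header itself (or negative), so a buffer allocated from it is far
 * smaller than the payload later copied into it. */
int unsafe_total_size(int32_t len) {
    return len + (int)sizeof(bhead_t);
}

/* Hardened check, applied before any arithmetic or allocation: the length must
 * be non-negative, within the sanity bound, and no larger than the bytes that
 * actually remain in the file. Returns 1 if acceptable, 0 otherwise. */
int bhead_len_is_valid(int32_t len, size_t remaining) {
    if (len < 0) return 0;
    if ((size_t)len > BHEAD_MAX_LEN) return 0;
    if ((size_t)len > remaining) return 0;
    return 1;
}

/* Parse one block from an in-memory file image. On success returns a heap copy
 * of the payload (caller frees) and stores its length in *out_len; on a bad
 * header returns NULL without allocating. */
unsigned char *read_block(const unsigned char *file, size_t file_len, size_t *out_len) {
    bhead_t hdr;
    if (file_len < sizeof hdr) return NULL;
    memcpy(&hdr, file, sizeof hdr);   /* copy rather than cast: no alignment assumptions */
    size_t remaining = file_len - sizeof hdr;
    if (!bhead_len_is_valid(hdr.len, remaining)) return NULL;
    size_t n = (size_t)hdr.len;
    unsigned char *payload = malloc(n ? n : 1);
    if (!payload) return NULL;
    memcpy(payload, file + sizeof hdr, n);
    *out_len = n;
    return payload;
}

/* Build a constructed file image (header + payload) into buf; returns its size.
 * buf must hold at least sizeof(bhead_t) + payload_len bytes. */
size_t build_block(unsigned char *buf, int32_t len, const unsigned char *payload, size_t payload_len) {
    bhead_t hdr = { { 'D', 'A', 'T', 'A' }, len };
    memcpy(buf, &hdr, sizeof hdr);
    memcpy(buf + sizeof hdr, payload, payload_len);
    return sizeof hdr + payload_len;
}

int main(void) {
    unsigned char image[64];
    size_t out = 0;
    const unsigned char body[] = "hello";

    /* Malformed header: negative length, as in the advisory. */
    size_t n = build_block(image, -8, body, 5);
    printf("unsafe total size for len=-8: %d bytes\n", unsafe_total_size(-8));
    printf("negative length rejected: %s\n", read_block(image, n, &out) ? "no" : "yes");

    /* Well-formed header. */
    n = build_block(image, 5, body, 5);
    unsigned char *p = read_block(image, n, &out);
    printf("valid block read: %s (%zu bytes)\n", p ? "yes" : "no", out);
    free(p);
    return 0;
}
```

The check is deliberately placed before the size arithmetic: once a negative int has been added to sizeof and cast to size_t, the result no longer reveals that the input was invalid, so validating the raw field against the bytes remaining in the file is what prevents the undersized allocation.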
 
Please note that this issue has already been fixed in stable in security
announcement DSA-1039-1.

For the testing distribution (etch) this is fixed in version 2.37a-1.1etch1.
For the unstable distribution (sid) this is fixed in version 2.40-1.

This upgrade is recommended if you use Blender.

If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get install blender


To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:

deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free

The archive signing key can be downloaded from
http://secure-testing.debian.net/ziyi-2005-7.asc

